Every time you make a phone call without first blocking the CallerID service (by pressing *67) the phone number you are calling from is passed along to the phone of the person whom you are calling. This takes place very quickly between the first and second ring of the phone. If they have a CallerID equiped phone, they’ll be able to view what number you are calling from before deciding whether or not to answer the call. The information that is passed along during the first and second ring of the phone is called your Automatic Number Identification, or ANI (Pronounced “Annie”) Instead of pressing *67 and blocking your ANI from being sent, you can actually change, or “spoof”, your ANI to appear to be calling from somewhere you are not. This article explains the history of ANI spoofing, and how you can spoof your CallerID easily and legally.
CallerID spoofing has had it moments in the spotlight of controversy. It has been used for everything from commiting fraud to playing practical jokes. It can be used to provide anonymity when dealing with intimidating people, or it can be used to trick a PBX into thinking you are the owner and allowing you access without authentication. CallerID spoofing is just now becoming mainstream. Many fun new uses for it are coming to light. However it wasn’t always as easy as it is today, nor where it’s uses as innocent.
Computer hacker’s where the first to start spoofing thier CallerIDs, particularly the small branch of hackers who “specialize” in manipulating telephone equipment, calling themselves “Fone Phreaks”. They had two primary methods of spoofing thier CallerIDs, both where very tricky. The first method was to cause an “ANI Failure”. They would dial a local operator and cause distortion on the phone line between the first and second ring of the phone. This would confuse the operator’s equipment, so the operator would ask the hacker what number he was calling from. The hacker would lie and the operator would put that wrong number into the computer, thus passing along the wrong ANI when she finished connecting his call. Whomever the hacker called would see the number the hacker told the operator on thier CallerID device.
The second method hackers used to spoof thier CallerID was called “Op-Diverting” (short for Operator Diverting). The hackers would keep a record of different phone companies and what services they provided. They would choose a company that didn’t offer the CallerID service, thus would not be likely to pass their ANI along to the called party. A hacker would call an operator at one of these phone companies and ask to be forwarded to an operator at a company that did support CallerID. The operator would perform his request. The new operator, not having recieved the hacker’s ANI, would be a bit confused when answering the phone. She would ask the hacker what number he was calling from. He would lie. She would input that number as his ANI, and pass it along to whomever the hacker decided to call. Again, whomever the hacker called would see, on thier CallerID device, the number the hacker had told the operator he was calling from.
Though the above methods are complicated and involved trickery, they were not illegal. What was (and still is) illegal is the what the hacker’s did with thier spoofed CallerIDs. Hacker’s would spoof thier CallerID’s to appear to be calling from corporate offices, senior officers, banks, the phone company, a newspaper, etc. The people they were attacking would have no reason to suspect them, for no CallerID wouldn’t lie, would it? In addition, some telecommunications devices, such a PBXs and even some answering machines, would recognize the phone number of the owner, and automatically log them in without requiring authentication. Hackers would mearly have to learn a person’s home phone number, spoof thier CallerID to match it, and call one of these devices. The devices would look at the CallerID, think the hacker was the true owner, and automatically log him into the victim’s device without further authentication. These actions, and other’s like it, essentially amount to digital identity theft, and are illegal.
Nowdays the techniques mentioned above no longer work in the united states, for the phone companies have caught on to hacker’s tricks. The makers of telecommunications equipment now require all callers, regardless of what number they are calling from, to be authenticated with pin numbers before being allowed access to thier systems. People have since become less trusting of thier CallerIDs, and the curiosity around CallerID spoofing has grown drastically. Many phone companies have caught on to this, and now actually offer CallerID spoofing as a service you can pay for! Which brings me, as promised, to how you can spoof your own CallerID.
As mention, companies now offer a service that was once stolen by hackers. For a small fee companies like Telespoof (www.Tellespoof.com) will make you a special calling card. To use it you simply call the toll free access number like any other calling card. However, instead of only being asked what number you want to call, you are also asked what you want your CallerID to be. They’ll place your call and your CallerID information will be sent exactly as you want it to be. It really is as simple as that. Other companies also exist and can be found via a simple Google search. What was once a complicated task requiring little-known, underground techniques, can now be done simply, and legally.
You can use your ability to spoof your CallerID for many purposes, not the least of which is convincing your best friend he’s being called by someone from the whitehouse. You may also find it valueable for completing anonmous calls to numbers that automatically reject calls from anonomous callers. Also, you can feel safe knowing that the last person you called wont be able to do a *69 (Automatic call back), or a *57 trace to determine where you live. I’m sure you can think of plenty of fun and creative things to do while spoofing your ANI.
